Agenda
• What is malware?
• Malware variants
• How does it get in?
• Tips for mitigating risk
• Detecting malware with USM
What is Malware?
Malware is a portmanteau that refers to malicious software and encompasses a large variety of computer programs designed to steal sensitive data, gain unauthorized access, or just wreak havoc.
Malware Variants
Ransomware
• Cryptolocker
• Bitlocker
• Cryptovault
Remote access
• Rootkits
Data gathering
• Spyware
• Adware
General maliciousness
Top Threats seen by SpiceHeads
We asked SpiceHeads what kind of malware they are seeing and these seem to be the most prevalent:
• Ransomware
• Potentially Unwanted Programs (PUPs)
• Misc phishing emails
• Malicious email attachments disguised as PDFs, Excel docs, etc.
Most popular “funny” answer?
Users… :p
How does it get in?
Users
• Blindly clicking links in email, social media, etc.
• Downloading and running email attachments
• Disgruntled/generally malicious users
• Using company assets outside of corporate perimeter
Social Engineering
• Phishing/Spearphishing
• Drive-by downloads
• Malicious executables
But, wait… I have Endpoint Protection!
While anti-malware scanners will spot the majority of malicious files, there are several ways to get past them:
• Polymorphic code
- Changing over the lifespan of the malware
- Changing in real time (every copy looks different)
• Encryption/packing
• Stealth
- Monitor system resource utilization
- Hiding malware in legitimate applications
- Sometimes even block anti-virus and/or system messages that might alert a user to the malware’s presence
• Some legacy firewalls lack the technology to detect it
Risk Mitigation
Education
• Ongoing training
- New, different malware variants
- Delivery mechanisms
• Institute a policy
- What you can and cannot download on the corporate network
- What to do if your users get hit
Containment
• Network segmentation
Risk Mitigation
Continuous Monitoring
• Operate under the assumption that you will get breached
- If prevention doesn’t work for these folks, why do you think it would work for you?
• Multiple detection methods
- Don’t put all of your eggs in one basket
AlienVault Vision
Accelerating and simplifying threat detection and incident response for IT teams with limited resources, on day one.
Enable organizations of all sizes to benefit from the power of crowd-sourced threat intelligence & unified security.
Unified Security Management Platform
Accelerates and simplifies threat detection and incident response for IT teams with limited resources, on day one
AlienVault Labs Threat Intelligence
Identifies the most significant threats targeting your network and provides context-specific remediation guidance
Open Threat Exchange
The world’s largest repository of crowd-sourced threat data, provides a continuous view of real-time threats
AlienVault Approach:
Unified Security Management
USM Platform
ASSET DISCOVERY
• Active Network Scanning
• Passive Network Scanning
• Asset Inventory
• Host-based Software Inventory
VULNERABILITY ASSESSMENT
• Continuous Vulnerability Monitoring
• Authenticated / Unauthenticated Active Scanning
BEHAVIORAL MONITORING
• Log Collection
• Netflow Analysis
• Service Availability Monitoring
SIEM
• SIEM Event Correlation
• Incident Response
INTRUSION DETECTION
• Network IDS
• Host IDS
• File Integrity Monitoring
Built-In, Essential Security Capabilities
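The capability list above names File Integrity Monitoring as one of the detection methods that backs the "don’t put all of your eggs in one basket" advice from the Continuous Monitoring slide. The script below is an added example, written for this page and not AlienVault or USM code, showing the core of how such monitoring works: hash every file under a directory into a baseline, re-hash later, and report what was added, removed or modified. The directory layout and file contents are constructed for the demo in a temporary folder; the tamper step simulates the kind of change (a new cron entry, an edited hosts file, a deleted script) that a baseline comparison is meant to surface.

```python
"""Minimal file integrity monitor: build a SHA-256 baseline of a directory,
then report added, removed and modified files on a later pass.
Added example for illustration; not AlienVault/USM code."""
import hashlib
import os
import tempfile


def hash_file(path, chunk_size=65536):
    """SHA-256 of a file, read in chunks so large binaries are not loaded whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root):
    """Map relative path -> SHA-256 for every regular file under root."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full):
                continue  # do not follow symlinks; hash only what is really on disk
            # Normalise to forward slashes so reports look the same on every OS
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            baseline[rel] = hash_file(full)
    return baseline


def compare(baseline, current):
    """Return sorted (added, removed, modified) lists of relative paths."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(p for p in baseline
                      if p in current and baseline[p] != current[p])
    return added, removed, modified


def demo():
    """Constructed scenario: baseline a fake config tree, then tamper with it."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "cron.d"))
        with open(os.path.join(root, "hosts"), "w") as fh:
            fh.write("127.0.0.1 localhost\n")
        with open(os.path.join(root, "cron.d", "backup"), "w") as fh:
            fh.write("0 2 * * * root /usr/local/bin/backup\n")
        baseline = build_baseline(root)

        # Simulated changes that a later monitoring pass should flag
        # (constructed values, not real indicators):
        with open(os.path.join(root, "hosts"), "a") as fh:
            fh.write("10.0.0.5 update.example.test\n")   # existing file modified
        with open(os.path.join(root, "cron.d", "updater"), "w") as fh:
            fh.write("* * * * * root /tmp/.x\n")          # new file added
        os.remove(os.path.join(root, "cron.d", "backup"))  # existing file removed

        return compare(baseline, build_baseline(root))


if __name__ == "__main__":
    added, removed, modified = demo()
    print("added:   ", added)
    print("removed: ", removed)
    print("modified:", modified)
```

In a real deployment the baseline would be stored somewhere the monitored host cannot rewrite (the "stealth" techniques on the earlier slide include tampering with what alerts a user), and each finding would be sent on to the SIEM so it can be correlated with log and network events rather than judged on its own.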
888.613.6023
ALIENVAULT.COM
CONTACT US
Now for some questions...
Questions? [email protected]
Twitter : @alienvault
Test Drive AlienVault USM
Download a Free 30-Day Trial
http://www.alienvault.com/free-trial
Check out our 15-Day Trial of USM for AWS
https://www.alienvault.com/free-trial/usm-for-aws
Try our Interactive Demo Site
http://www.alienvault.com/live-demo-site